Merge pull request #62 from fangpenlin/fix-61-support-aes-gcm-128

Fix #61 support AES GCM 128 / 192 JWE decryption

Author: danny-gallagher

src/main/java/com/mastercard/developer/encryption/jwe/JweObject.java

@@ -1,5 +1,6 @@
 package com.mastercard.developer.encryption.jwe;
 
+import com.google.common.collect.ImmutableSet;
 import com.mastercard.developer.encryption.EncryptionException;
 import com.mastercard.developer.encryption.JweConfig;
 import com.mastercard.developer.encryption.aes.AESCBC;
@@ -27,7 +28,7 @@ public class JweObject {
     private final String authTag;
 
     private static final String A128CBC_HS256 = "A128CBC-HS256";
-    private static final String A256GCM = "A256GCM";
+    private static final ImmutableSet<String> AES_GCM_ENCRYPTION_METHODS = ImmutableSet.of("A128GCM", "A192GCM", "A256GCM");
 
     private JweObject(JweHeader header, String rawHeader, String encryptedKey, String iv, String cipherText, String authTag) {
         this.header = header;
@@ -44,9 +45,9 @@ public String decrypt(JweConfig config) throws EncryptionException, GeneralSecur
 
         byte[] plainText;
 
-        if(encryptionMethod.equals(A256GCM)) {
+        if (AES_GCM_ENCRYPTION_METHODS.contains(encryptionMethod)) {
             plainText = AESGCM.decrypt(cek, this);
-        } else if(encryptionMethod.equals(A128CBC_HS256)) {
+        } else if (encryptionMethod.equals(A128CBC_HS256)) {
             plainText = AESCBC.decrypt(cek, this);
         } else {
             throw new EncryptionException(String.format("Encryption method %s not supported", encryptionMethod));
@@ -93,7 +94,7 @@ private static String serialize(String header, String encryptedKey, String iv, S
 
     public static JweObject parse(String encryptedPayload, JsonEngine jsonEngine) {
         String[] payloadParts = encryptedPayload.trim()
-                                    .split("\\.");
+                .split("\\.");
 
         String rawHeader = payloadParts[0];
         String encryptedKey = payloadParts[1];
@@ -109,7 +110,9 @@ public JweHeader getHeader() {
         return header;
     }
 
-    public String getRawHeader() { return rawHeader; }
+    public String getRawHeader() {
+        return rawHeader;
+    }
 
     private String getEncryptedKey() {
         return encryptedKey;

src/test/java/com/mastercard/developer/encryption/jwe/JWEObjectTest.java

@@ -1,7 +1,13 @@
 package com.mastercard.developer.encryption.jwe;
 
+import com.google.common.collect.ImmutableList;
 import com.mastercard.developer.test.TestUtils;
 import org.junit.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import java.util.stream.Stream;
 
 import static org.junit.Assert.assertEquals;
 
@@ -15,9 +21,18 @@ public void testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIsCbcEncrypted()
         assertEquals("bar", decryptedPayload);
     }
 
-    @Test
-    public void testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIsGcmEncrypted() throws Exception {
-        JweObject jweObject = TestUtils.getTestGcmJweObject();
+    private static Stream<Arguments> aesGcmJweObjects() {
+        return ImmutableList.of(
+                        TestUtils.getTestAes128GcmJweObject(),
+                        TestUtils.getTestAes192GcmJweObject(),
+                        TestUtils.getTestAes256GcmJweObject())
+                .stream()
+                .map(jweObject -> Arguments.of(jweObject.getHeader().getEnc(), jweObject));
+    }
+
+    @ParameterizedTest(name = "[{index}] {0}")
+    @MethodSource("aesGcmJweObjects")
+    public void testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIsGcmEncrypted(String name, JweObject jweObject) throws Exception {
         String decryptedPayload = jweObject.decrypt(TestUtils.getTestJweConfigBuilder().build());
 
         assertEquals("{\"foo\":\"bar\"}", decryptedPayload);

src/test/java/com/mastercard/developer/interceptors/HttpExecuteJweInterceptorTest.java

@@ -154,7 +154,7 @@ public void testInterceptResponse_ShouldThrowAnExceptionWhenEncryptionNotSupport
 
         // GIVEN
         String encryptedPayload = "{" +
-                "\"encryptedPayload\":\"eyJraWQiOiI3NjFiMDAzYzFlYWRlM2E1NDkwZTUwMDBkMzc4ODdiYWE1ZTZlYzBlMjI2YzA3NzA2ZTU5OTQ1MWZjMDMyYTc5IiwiY3R5IjoiYXBwbGljYXRpb25cL2pzb24iLCJlbmMiOiJBMTkyR0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.peSgTt_lPbcNStWh-gI3yMzhOGtFCwExFwLxKeHwjzsXvHB0Fml5XnG0jRbJSfOHzKx02d0NVBzoDDRSAnafuabbbMKcoaUK-jZNHSg4BHdyBZpCO82kzvWeEm3TTNHIMBTfM00EmdFB03z_a0PaWsT-FIOzu4Sd5Z_nsNLhP9941CtVS-YtZ9WkgDezGipxA7ejQ3X5gFVy2RH1gL8OTbzIYCwBcrfSjAiCQgunNbLxPPlfZHB_6prPK7_50NS6FvuMnAhiqUiiAka8DHMdeGBWOie2Q0FV_bsRDHx_6CY8kQA3F_NXz1dELIclJhdZFfRt1y-TEfwOIj4nDi2JnA.8BYMB5MkH2ZNyFGS._xb3uDsUQcPT5fQyZw.O0MzJ5OvNyj_QMuqaloTWA\"}";
+                "\"encryptedPayload\":\"eyJlbmMiOiJYQzIwUCIsImFsZyI6IlJTQS1PQUVQLTI1NiJ9.7CF3JQoFw9BBsbDVX4TFcDBsrfSp1cUl1V6VsKqoXwappcidYKUlgaSfqnRi3u1MAQimqQ8DpoImXICmZtGwhA4TeUzR16HJvW2W-0OQ9MC9oWW7b00U8Whds1jomOGaI4Hbs3gqvLieXEbl05UtpLbK8vqSbiN1kxyftKIGZvNQS0PvHoZMdVAROiMbG0-T8GY1NfOgAumZvATNBZHL-FaV25_pZhIIkhMBfDDBlRL5abn1Zc_IM1WzaZbLXVpggfTSFbKQEKMnGdDc9LXP_MCUcfvdjdD3NApuq_7tbUvEpEyNzGCnL9KD_1iyz2RFQZUfx1aHXJ3tpO4Gvk7rXg.haTi4wWtgKvvEi8yXToc0UUuBBhMLING.wP9pmYHOZxkmKD_H9A.6Ir2s-8s9vF75BxuLl26hw\"}";
 
         JweConfig config = getTestJweConfigBuilder()
                 .withDecryptionPath("$.encryptedPayload", "$.foo")

src/test/java/com/mastercard/developer/test/TestUtils.java

@@ -56,7 +56,15 @@ public static JweObject getTestCbcJweObject() {
         return JweObject.parse("eyJraWQiOiI3NjFiMDAzYzFlYWRlM2E1NDkwZTUwMDBkMzc4ODdiYWE1ZTZlYzBlMjI2YzA3NzA2ZTU5OTQ1MWZjMDMyYTc5IiwiY3R5IjoiYXBwbGljYXRpb25cL2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.5bsamlChk0HR3Nqg2UPJ2Fw4Y0MvC2pwWzNv84jYGkOXyqp1iwQSgETGaplIa7JyLg1ZWOqwNHEx3N7gsN4nzwAnVgz0eta6SsoQUE9YQ-5jek0COslUkoqIQjlQYJnYur7pqttDibj87fcw13G2agle5fL99j1QgFPjNPYqH88DMv481XGFa8O3VfJhW93m73KD2gvE5GasOPOkFK9wjKXc9lMGSgSArp3Awbc_oS2Cho_SbsvuEQwkhnQc2JKT3IaSWu8yK7edNGwD6OZJLhMJzWJlY30dUt2Eqe1r6kMT0IDRl7jHJnVIr2Qpe56CyeZ9V0aC5RH1mI5dYk4kHg.yI0CS3NdBrz9CCW2jwBSDw.6zr2pOSmAGdlJG0gbH53Eg.UFgf3-P9UjgMocEu7QA_vQ", JsonEngine.getDefault());
     }
 
-    public static JweObject getTestGcmJweObject() {
+    public static JweObject getTestAes128GcmJweObject() {
+        return JweObject.parse("eyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.WtvYljbsjdEv-Ttxx1p6PgyIrOsLpj1FMF9NQNhJUAHlKchAo5QImgEgIdgJE7HC2KfpNcHiQVqKKZq_y201FVzpicDkNzlPJr5kIH4Lq-oC5iP0agWeou9yK5vIxFRP__F_B8HSuojBJ3gDYT_KdYffUIHkm_UysNj4PW2RIRlafJ6RKYanVzk74EoKZRG7MIr3pTU6LIkeQUW41qYG8hz6DbGBOh79Nkmq7Oceg0ZwCn1_MruerP-b15SGFkuvOshStT5JJp7OOq82gNAOkMl4fylEj2-vADjP7VSK8GlqrA7u9Tn-a4Q28oy0GOKr1Z-HJgn_CElknwkUTYsWbg.PKl6_kvZ4_4MjmjW.AH6pGFkn7J49hBQcwg.zdyD73TcuveImOy4CRnVpw", JsonEngine.getDefault());
+    }
+
+    public static JweObject getTestAes192GcmJweObject() {
+        return JweObject.parse("eyJlbmMiOiJBMTkyR0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.FWC8PVaZoR2TRKwKO4syhSJReezVIvtkxU_yKh4qODNvlVr8t8ttvySJ-AjM8xdI6vNyIg9jBMWASG4cE49jT9FYuQ72fP4R-Td4vX8wpB8GonQj40yLqZyfRLDrMgPR20RcQDW2ThzLXsgI55B5l5fpwQ9Nhmx8irGifrFWOcJ_k1dUSBdlsHsYxkjRKMENu5x4H6h12gGZ21aZSPtwAj9msMYnKLdiUbdGmGG_P8a6gPzc9ih20McxZk8fHzXKujjukr_1p5OO4o1N4d3qa-YI8Sns2fPtf7xPHnwi1wipmCC6ThFLU80r3173RXcpyZkF8Y3UacOS9y1f8eUfVQ.JRE7kZLN4Im1Rtdb.eW_lJ-U330n0QHqZnQ._r5xYVvMCrvICwLz4chjdw", JsonEngine.getDefault());
+    }
+
+    public static JweObject getTestAes256GcmJweObject() {
         return JweObject.parse("eyJraWQiOiI3NjFiMDAzYzFlYWRlM2E1NDkwZTUwMDBkMzc4ODdiYWE1ZTZlYzBlMjI2YzA3NzA2ZTU5OTQ1MWZjMDMyYTc5IiwiY3R5IjoiYXBwbGljYXRpb25cL2pzb24iLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.8c6vxeZOUBS8A9SXYUSrRnfl1ht9xxciB7TAEv84etZhQQ2civQKso-htpa2DWFBSUm-UYlxb6XtXNXZxuWu-A0WXjwi1K5ZAACc8KUoYnqPldEtC9Q2bhbQgc_qZF_GxeKrOZfuXc9oi45xfVysF_db4RZ6VkLvY2YpPeDGEMX_nLEjzqKaDz_2m0Ae_nknr0p_Nu0m5UJgMzZGR4Sk1DJWa9x-WJLEyo4w_nRDThOjHJshOHaOU6qR5rdEAZr_dwqnTHrjX9Qm9N9gflPGMaJNVa4mvpsjz6LJzjaW3nJ2yCoirbaeJyCrful6cCiwMWMaDMuiBDPKa2ovVTy0Sw.w0Nkjxl0T9HHNu4R.suRZaYu6Ui05Z3-vsw.akknMr3Dl4L0VVTGPUszcA", JsonEngine.getDefault());
     }